Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Rise of Feudal Computer Security

Posted by Soulskill on from the fanboy-is-now-a-liegeman dept.

Hugh Pickens writes "In the old days, traditional computer security centered around users. However, Bruce Schneier writes that now some of us have pledged our allegiance to Google (using Gmail, Google Calendar, Google Docs, and Android phones) while others have pledged allegiance to Apple (using Macintosh laptops, iPhones, iPads; and letting iCloud automatically synchronize and back up everything) while others of us let Microsoft do it all. 'These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them — or to a particular one we don't like. Or we can spread our allegiance around. But either way, it's becoming increasingly difficult to not pledge allegiance to at least one of them.' Classical medieval feudalism depended on overlapping, complex, hierarchical relationships. Today we users must trust the security of these hardware manufacturers, software vendors, and cloud providers and we choose to do it because of the convenience, redundancy, automation, and shareability. 'In this new world of computing, we give up a certain amount of control, and in exchange we trust that our lords will both treat us well and protect us from harm (PDF). Not only will our software be continually updated with the newest and coolest functionality, but we trust it will happen without our being overtaxed by fees and required upgrades.' In this system, we have no control over the security provided by our feudal lords. Like everything else in security, it's a trade-off. We need to balance that trade-off. 'In Europe, it was the rise of the centralized state and the rule of law that undermined the ad hoc feudal system; it provided more security and stability for both lords and vassals. But these days, government has largely abdicated its role in cyberspace, and the result is a return to the feudal relationships of yore,' concludes Schneier, adding that perhaps it's time for government to create the regulatory environments that protect us vassals. 'Otherwise, we really are just serfs.'" An anonymous reader provides a contrary opinion:

"The proposed analogy is wrong. Rather than feudal lords being replaced by a semi-accountable, presumably representative government, asking the government to take over would be going back to the having just AT&T as the sole provider of telecommunications, with private ownership of phones prohibited. It would be a reversion from an open and competitive market (where those who fail to provide security can be abandoned freely, the exact opposite of a feudal situation where serfs were forbidden to leave their masters and breaking oaths of obedience would lead to hit series on HBO) to a single "provider" which cannot be abandoned or ignored.

Monopolies, in general, suck, and without an external force to shore them up, they tend to be short lived. I remember when Lotus and WordPerfect and dBase were "unassailable", and people were wondering if the government should force these companies to be more "competitive" somehow. Then it was Windows, and particularly Explorer, that was going to control the world because "no one could compete". Now it's Google and Apple. Either these companies actually provide the security they promise, or they lose business to someone who will. The fear of the "feudal lords" failing to offer the security they promise is a false one, because they have no actual hold if they fail to deliver the goods.

The role of government in this arena is making sure that companies are held accountable for broken promises, that they pay the costs for data loss and security breaches. ... The government should not be determining what security is acceptable, because governments and regulations cannot possibly keep up with ever-changing realities."

31 of 147 comments (clear)

  1. let the fools who dont know history suffer by Anonymous Coward · · Score: 3, Interesting

    These people who fall into the vendor lock in do it on their own free will, what rights does the government have regulating their decisions?

    1. Re:let the fools who dont know history suffer by logjon · · Score: 2, Insightful

      No shit. People want government involved in literally fucking everything at this point.

      --
      The stories and info posted here are artistic works of fiction and falsehood.
      Only fools would take it as fact.
    2. Re:let the fools who dont know history suffer by spire3661 · · Score: 5, Insightful

      The government is ALREADY involved in literally everything. Better ot realize that and shape it to our own ends, rather then pretend it doesnt exist.

      --
      Good-bye
    3. Re:let the fools who dont know history suffer by Anonymous Coward · · Score: 5, Insightful

      The government is a collective implementation of society. It has the rights that the whole of society gives it to look out for the common good. Rather than having to have individual people make their own mistakes or get individually conned, the government is an institution granted the rights to protect *your* rights.

      It isn't the government regulating your decision; it's the government providing an environment in which as many options as possible are safe for you to choose from, so that you can specialize in something else and still be protected without having to worry about being swindled or conned out of giving up your own rights that have already been recognized by the collective society.

      You can certainly argue that it's an idealistic framework that often doesn't meet such a mark in practice, and you can argue that the government can wind up doing its own share of swindling, but it's wrong to implicitly suggest that the government needs "rights" to be valid about doing what it does.

    4. Re:let the fools who dont know history suffer by chispito · · Score: 2, Insightful

      The government is ALREADY involved in literally everything. Better ot realize that and shape it to our own ends, rather then pretend it doesnt exist.

      In what way is that better than advocating for a limited government?

      --
      The Daddy casts sleep on the Baby. The Baby resists!
  2. "We really are just serfs." by Minwee · · Score: 2

    Admit it, Bruce. This is all just an elaborate setup to excuse you for using the word "Microserfs".

    1. Re:"We really are just serfs." by Chris+Mattern · · Score: 5, Funny

      Well, except for Vint. He's a Cerf.

    2. Re:"We really are just serfs." by Anne_Nonymous · · Score: 5, Funny

      Bend over, Apple demands primae noctis.

  3. Say what you want. by Anonymous Coward · · Score: 2, Funny

    Say what you want about Apple, Microsoft, Google, etc .... It's not like they make you agree to some sort of user agreement to use their products - you know, the Take It or Leave it type of agreement where you have no leeway in protecting your interests.

    God, the headline makes it sounds like we, the consumer, are powerless as to what those organizations do.

    Geeze!

    1. Re:Say what you want. by DogDude · · Score: 2

      Yes we have a right to choose which product we want to use, but we are not offered the ability to use anything without handing over some fundamental right in the long run.

      Like what, exactly?

      --
      I don't respond to AC's.
    2. Re:Say what you want. by denvergeek · · Score: 2

      Come to think of it, I'd kind of like to try some sort of ownCloud Funambol Citadel setup. All the good stuff of ownCloud, plus mail and synced contacts/calendars.

    3. Re:Say what you want. by Kjella · · Score: 4, Insightful

      The problem is if you don't like any of their agreements, you just can't use technology. Yes we have a right to choose which product we want to use, but we are not offered the ability to use anything without handing over some fundamental right in the long run. The only option is to become a Luddite and live in a cave. There is no Gypsy option yet for technology and associated cloud services.

      Oh please, you can do pretty much everything if you either a) host it yourself or b) rent some space in a co-lo. I don't store my things "in the cloud", I store them on my HDDs with backups just like I did before the cloud and social media became the new hype. You don't have to blog on Facebook, you can easily get a free blog on your own terms. If you don't like Spotify then iTunes and Amazon didn't go anywhere. And if there's no free alternative to iEverywhere or gEverywhere it's because nobody's bothered to build it on top of Linux and Android - last I checked the source code to both was free and so was the SDKs so free free to start, rather than whine about it.

      Most people just don't want to manage their own computers, least not in the sense you and I mean. They're perfectly happy with an Apple or Google "appliance" that runs 100000+ apps. Why point fingers at the corporations when 99% handed over control voluntarily? It's like saying democracy needs regulation because 99% make stupid decisions. You can't regulate people into caring about the things you care about, because you'd have to be blind and deaf to not have noticed the wailing every time Facebook changes their privacy policy. Yet people keep using it. Same way there's nothing preventing people from installing Linux, but 99% don't do it anyway. Most people simply don't care if their computer comes as a big binary blob.

      --
      Live today, because you never know what tomorrow brings
    4. Re:Say what you want. by dickplaus · · Score: 2

      If you wanted to be lazy you can use something like iredmail, roundcube and owncloud (has carddav/caldav support). That'd pretty much give you what you're looking for.

  4. Exaggerated by Extremus · · Score: 2, Insightful

    I find the comparison a bit exaggerated, but I agree with the conclusions. We need legislation to cover the relation between social agents and information keepers. For example, any company should allow for any customer to migrate all her data to another service, without the information loosing its original structure. The custumers should be also safeguarded against information companies going bust with their data. Etc.

    1. Re:Exaggerated by Redmancometh · · Score: 3, Informative

      Legislate away the right to proprietary technology? You're so far left you fell off...of the wing?

    2. Re:Exaggerated by vlm · · Score: 3, Interesting

      The custumers should be also safeguarded against information companies going bust with their data.

      Talk to the construction trades about being "bonded and insured" (before or after talking about unionization, and talking about apprenticeship, of course)

      Its a simplification, but if you contract out to a bonded and insured contractor who goes out of business (lawsuit, bankruptcy, death, whatever) the bonding company will pay to get "someone else" to do the work for you at no additional cost. Obviously the risk to the insurer depends on the scale of work and the health of the contractor and length of job... I would imagine the mighty GOOG would pay less for bonding than a dotcom.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    3. Re:Exaggerated by RogueLeaderX · · Score: 2

      For example, any company should allow for any customer to migrate all her data to another service, without the information loosing its original structure.

      This goal is nearly impossible. Are you going to legislate the data structure for every SaaS out there? How on earth is congress going to keep up with the rapidly changing landscape that is silicon valley?

      The U.S. congress was designed to move slowly. It's a bit like a qwerty keyboard. They've already bitten off more than can chew, as they've shown time and again recently.

    4. Re:Exaggerated by DogDude · · Score: 2

      Now what might work would be a requirement for all data exports to be completely non-proprietary non-binary well formed XML. You might not get their DB table design but at least you'll get each row.

      Just putting in in XML doesn't accomplish anything. Besides, what kind of apps don't allow for exports of some kind? I hear people complaining about "lock in" all of the time, in terms of data, but I don't have a single business application that doesn't allow a data export of some kind. The format that it can be exported to really doesn't matter, since you'll always have to do significant work to get data moved from one application/platform to another.

      --
      I don't respond to AC's.
  5. Just ask Vint by Anonymous Coward · · Score: 3, Funny

    I thing that we're all Cerfs.

  6. Where should regulation be focused? by characterZer0 · · Score: 5, Insightful

    I have chosen to avoid any trust in or allegiance to Google, Apple, Facebook, or Microsoft. I have to trust my hardware, but I can switch that easily enough. I chose to trust Debian, but could easily enough switch that too. Everybody is free to make these decisions. I can use end-to-end encryption to hide my data from anyone else.

    I am at the mercy of my ISP. If they fail to route properly I have no recourse and no alternative faster than 56k dial-up. Network neutrality and fairness from recipients of government-granted monopolies is where the regulation is required.

    --
    Go green: turn off your refrigerator.
  7. Or *are* we? by Narcocide · · Score: 2

    I say, declare your independence.

  8. Nah, let's just standardize on them by denis-The-menace · · Score: 3, Insightful

    Like MS' Open Office XML (An I$O standard with patents)

    Like the MP4 codec (An I$O standard with patents)

    Etc.

    That way the government can demand that all their products they buy follow the ISO standards and nobody is force to use it /s

    --
    Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
  9. Stupid metaphor == poor thinking by mveloso · · Score: 3, Interesting

    You're responsible for your own security. You don't pledge allegiance to a vendor, you use their wares until it doesn't satisfy your personal requirements.

    This sort of metaphor, while poetic, is counterproductive.

  10. But we need them to be involved! by Roger+W+Moore · · Score: 2

    No shit. People want government involved in literally fucking everything at this point.

    But we need them to be involved in everything. Who else will protect us from people making wildly inaccurate historical comparisons online?

  11. Ask yourself by DaveAtFraud · · Score: 2

    Regulated services at best provide consistent, mediocre service at the highest rate the regulator will let them charge; usually they provide the minimum they can get away without getting fined too much. Ask yourself how happy are you with the other regulated services in your life like land-line phone carrier, cable television provider, electric company, natural gas company, etc.?

    I thought not.

    Cheers,
    Dave

    --
    They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
    Ben
  12. Re:What a load of crap! by DeepBlueDiver · · Score: 5, Insightful

    In fact anyone capable to run his own infrastructure already had most of this services more than 10 years ago.

    Webmail, file storage accessible from anywhere, files synchronization between computers thru Internet, remote encrypted backups... all of this is quite trivial to setup and can be tailored to your needs in such a way that you won't even think of going back to "generic" services.

    Don't get me wrong, all this "cloud" thing has been great to bring to the masses what we nerds always had. But I have yet to see one of this services successfully replacing what I already provide to myself with just an Internet connection, a router, a NAS, and tiny server.

  13. Re:computer security by vlm · · Score: 2

    Regarding security, how does companies like Coca Cola been able to keep their formula secret? Obviously not stored in The Cloud. Any techniques that can be applied for other safeguards? Besides limiting it to just three people.

    I know how the coca cola formula secrecy works and you're not going to like the solution. Homeopathy. No I'm not kidding. Any wanna be chemist probably gets to analyze soda of their choice in quant chem analysis and I did just that about 20 years ago. The fact that its 99.9999% water, HFCS (back then, it was sugar), caffeine, salt, standard sanitation and preservation chems, and food coloring is no secret nor are the ratios. There is a strange cross between legal fiction and homeopathy that if you run thru a GCMS or HPLC setup you'll find like a nanogram of black pepper in each bottle or whatever.

    The secrecy is more of a loyalty test... like if it ever came out in public that one black peppercorn (or white, or whatever) was smashed and fractionated into an entire years worth of a nations production of coca cola syrup, then they'd know who leaked, and fire the disloyal worker. In fact more likely the tell a different lie to each worker and see what gets leaked...

    I have no idea how to implement this in "da cloud". My guess is a combo of OTP and steganography embedded in files or something like that. Make a million fake simulated users who simulate doing all kinds of cloudy stuff, but if you gather the 34256236th bit of the 13519th file from each user and assemble them all its the launch codes or whatever.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  14. Re:The Big Players are following a Pattern... by Anonymous Coward · · Score: 2, Interesting

    The Pentagram: Google, Apple, Microsoft, Facebook, and Twitter.
    To us (the serfs) it looks like they are in competition, but they are working together to control the entire world. The Pentagram's power and control knows no boundaries, it fears no military. They have centers of operation spread throughout the world, it will not harm them if some are taken out. Look how much change they have been a part of in the world during the last 5 years. Cheap cellphones and Twitter have overthrown governments. The world governments are afraid of the power of the Pentagram. They are making demands on them (such as data collection, warrantless wiretaps), but in the process have realized that the Pentagram is more powerful than each country's government. The Pentagram can shape and mold public opinion by the way they filter the news and control the flow of information. Unlike you, I am not afraid. I look forward to a world where countries become more like cultural districts rather than entities at war.

  15. Always WAS Feudalism by dwye · · Score: 2

    Classical medieval feudalism depended on overlapping, complex, hierarchical relationships.

    Wrong. It depended on simple relationships (lord {=} vassal); it started to fall apart when the relationships became complicated (look up The Hundred Years War for a nasty case of its collapse)(see the Thirty Years War for its final collapse).

    Anyway, it always was feudalism. Who owned their own computers before the Altair? In the early days of the PC era, most computer users still were primarily attached to work machines. The Internet was run by personal relationships between the Great Lords (i.e., the administrators of the major Internet nodes), sealed with little more binding at the beginning than a handshake (which was how Jon Postel got stuck running the DNS root node for years). Given that users can still choose what Schneier thinks of as feudal lords, that makes users minor barons, rather than serfs (no serf could do anything except run away from their lord, or launch futile revolts once a century or so).

    Would Bruce Schneier really prefer it run by men with guns and bayonets enforcing the wills of THEIR lords (swayed, no doubt by bribes or job offers for after they leave Federal service), launching wars against each other like 20th Century govenrments, etc? Please, give me benign neglect, any day.

  16. Re:What a load of crap! by bananaquackmoo · · Score: 3, Informative

    Take drop box. Show me two apps one server and one client that uses the same client app across multiple platforms that allows for easy, secure syncing to not just one server, but any server I choose?

    I'll take that open-source bet. http://owncloud.org/ I'm already running copies.

  17. Have to stay on top, I use all in some capacity. by VortexCortex · · Score: 3, Interesting

    Kind of shitty article though. I thought Bruce was going to talk about how some security researchers won't release their findings to the world, keeping the security holes secret so they're less likely to be patched, esp. those cyber-"security" teams of governments themselves... I run my own servers for my email and services that really matter to me and my family. That, and there's no such thing as a client or server, really... My, logs show that grandma just synched more photos to our private distributed "freenet" cloud. She probably did that by plugging in her camera to her PC -- the sync automatically scans her albums folder.

    Oh, I might be pledging alegence to Free Software! Oh no! Why, whatever will I do if Linux becomes a fiefdom? Why, I'll Fork it, or use BSD, both of which run the important shit just fine... Also, my VOIP system connects directly between my family's houses avoiding even using a 3rd party service for in-family calling. I

    I thought it was supposed to be increasingly difficult not to pledge alegence to MS, Apple or Google. It's actually getting easier to NOT do so if you ask me and mine. Woops, I'm sorry. Didn't mean to actually prove anyone's article completely wrong. I would say to Bruce that he needs to clarify that it's only getting more difficult for ignorant people who don't care about what he's talking about to avoid...